scsi: ufs: core: Add OP-TEE based RPMB driver for UFS devices

config RPMB

	tristate "RPMB partition interface"

	depends on MMC

	depends on MMC || SCSI_UFSHCD

	help

	  Unified RPMB unit interface for RPMB capable devices such as eMMC and

	  UFS. Provides interface for in-kernel security controllers to access

obj-$(CONFIG_SCSI_UFSHCD)		+= ufshcd-core.o

ufshcd-core-y				+= ufshcd.o ufs-sysfs.o ufs-mcq.o

ufshcd-core-$(CONFIG_RPMB)		+= ufs-rpmb.o

ufshcd-core-$(CONFIG_DEBUG_FS)		+= ufs-debugfs.o

ufshcd-core-$(CONFIG_SCSI_UFS_BSG)	+= ufs_bsg.o

ufshcd-core-$(CONFIG_SCSI_UFS_CRYPTO)	+= ufshcd-crypto.o

// SPDX-License-Identifier: GPL-2.0

/*

 * UFS OP-TEE based RPMB Driver

 *

 * Copyright (C) 2025 Micron Technology, Inc.

 * Copyright (C) 2025 Qualcomm Technologies, Inc.

 *

 * Authors:

 *	Bean Huo <beanhuo@micron.com>

 *	Can Guo <can.guo@oss.qualcomm.com>

 */

#include <linux/module.h>

#include <linux/device.h>

#include <linux/kernel.h>

#include <linux/types.h>

#include <linux/rpmb.h>

#include <linux/string.h>

#include <linux/list.h>

#include <ufs/ufshcd.h>

#include <linux/unaligned.h>

#include "ufshcd-priv.h"

#define UFS_RPMB_SEC_PROTOCOL		0xEC	/* JEDEC UFS application */

#define UFS_RPMB_SEC_PROTOCOL_ID	0x01	/* JEDEC UFS RPMB protocol ID, CDB byte3 */

static const struct bus_type ufs_rpmb_bus_type = {

	.name = "ufs_rpmb",

};

/* UFS RPMB device structure */

struct ufs_rpmb_dev {

	u8 region_id;

	struct device dev;

	struct rpmb_dev *rdev;

	struct ufs_hba *hba;

	struct list_head node;

};

static int ufs_sec_submit(struct ufs_hba *hba, u16 spsp, void *buffer, size_t len, bool send)

{

	struct scsi_device *sdev = hba->ufs_rpmb_wlun;

	u8 cdb[12] = { };

	cdb[0] = send ? SECURITY_PROTOCOL_OUT : SECURITY_PROTOCOL_IN;

	cdb[1] = UFS_RPMB_SEC_PROTOCOL;

	put_unaligned_be16(spsp, &cdb[2]);

	put_unaligned_be32(len, &cdb[6]);

	return scsi_execute_cmd(sdev, cdb, send ? REQ_OP_DRV_OUT : REQ_OP_DRV_IN,

				buffer, len, /*timeout=*/30 * HZ, 0, NULL);

}

/* UFS RPMB route frames implementation */

static int ufs_rpmb_route_frames(struct device *dev, u8 *req, unsigned int req_len, u8 *resp,

					unsigned int resp_len)

{

	struct ufs_rpmb_dev *ufs_rpmb = dev_get_drvdata(dev);

	struct rpmb_frame *frm_out = (struct rpmb_frame *)req;

	bool need_result_read = true;

	u16 req_type, protocol_id;

	struct ufs_hba *hba;

	int ret;

	if (!ufs_rpmb) {

		dev_err(dev, "Missing driver data\n");

		return -ENODEV;

	}

	hba = ufs_rpmb->hba;

	req_type = be16_to_cpu(frm_out->req_resp);

	switch (req_type) {

	case RPMB_PROGRAM_KEY:

		if (req_len != sizeof(struct rpmb_frame) || resp_len != sizeof(struct rpmb_frame))

			return -EINVAL;

		break;

	case RPMB_GET_WRITE_COUNTER:

		if (req_len != sizeof(struct rpmb_frame) || resp_len != sizeof(struct rpmb_frame))

			return -EINVAL;

		need_result_read = false;

		break;

	case RPMB_WRITE_DATA:

		if (req_len % sizeof(struct rpmb_frame) || resp_len != sizeof(struct rpmb_frame))

			return -EINVAL;

		break;

	case RPMB_READ_DATA:

		if (req_len != sizeof(struct rpmb_frame) || resp_len % sizeof(struct rpmb_frame))

			return -EINVAL;

		need_result_read = false;

		break;

	default:

		dev_err(dev, "Unknown request type=0x%04x\n", req_type);

		return -EINVAL;

	}

	protocol_id = ufs_rpmb->region_id << 8 | UFS_RPMB_SEC_PROTOCOL_ID;

	ret = ufs_sec_submit(hba, protocol_id, req, req_len, true);

	if (ret) {

		dev_err(dev, "Command failed with ret=%d\n", ret);

		return ret;

	}

	if (need_result_read) {

		struct rpmb_frame *frm_resp = (struct rpmb_frame *)resp;

		memset(frm_resp, 0, sizeof(*frm_resp));

		frm_resp->req_resp = cpu_to_be16(RPMB_RESULT_READ);

		ret = ufs_sec_submit(hba, protocol_id, resp, resp_len, true);

		if (ret) {

			dev_err(dev, "Result read request failed with ret=%d\n", ret);

			return ret;

		}

	}

	if (!ret) {

		ret = ufs_sec_submit(hba, protocol_id, resp, resp_len, false);

		if (ret)

			dev_err(dev, "Response read failed with ret=%d\n", ret);

	}

	return ret;

}

static void ufs_rpmb_device_release(struct device *dev)

{

	struct ufs_rpmb_dev *ufs_rpmb = dev_get_drvdata(dev);

	rpmb_dev_unregister(ufs_rpmb->rdev);

}

/* UFS RPMB device registration */

int ufs_rpmb_probe(struct ufs_hba *hba)

{

	struct ufs_rpmb_dev *ufs_rpmb, *it, *tmp;

	struct rpmb_dev *rdev;

	char *cid = NULL;

	int region;

	u32 cap;

	int ret;

	if (!hba->ufs_rpmb_wlun || hba->dev_info.b_advanced_rpmb_en) {

		dev_info(hba->dev, "Skip OP-TEE RPMB registration\n");

		return -ENODEV;

	}

	/* Check if device_id is available */

	if (!hba->dev_info.device_id) {

		dev_err(hba->dev, "UFS Device ID not available\n");

		return -EINVAL;

	}

	INIT_LIST_HEAD(&hba->rpmbs);

	struct rpmb_descr descr = {

		.type = RPMB_TYPE_UFS,

		.route_frames = ufs_rpmb_route_frames,

		.reliable_wr_count = hba->dev_info.rpmb_io_size,

	};

	for (region = 0; region < ARRAY_SIZE(hba->dev_info.rpmb_region_size); region++) {

		cap = hba->dev_info.rpmb_region_size[region];

		if (!cap)

			continue;

		ufs_rpmb = devm_kzalloc(hba->dev, sizeof(*ufs_rpmb), GFP_KERNEL);

		if (!ufs_rpmb) {

			ret = -ENOMEM;

			goto err_out;

		}

		ufs_rpmb->hba = hba;

		ufs_rpmb->dev.parent = &hba->ufs_rpmb_wlun->sdev_gendev;

		ufs_rpmb->dev.bus = &ufs_rpmb_bus_type;

		ufs_rpmb->dev.release = ufs_rpmb_device_release;

		dev_set_name(&ufs_rpmb->dev, "ufs_rpmb%d", region);

		/* Set driver data BEFORE device_register */

		dev_set_drvdata(&ufs_rpmb->dev, ufs_rpmb);

		ret = device_register(&ufs_rpmb->dev);

		if (ret) {

			dev_err(hba->dev, "Failed to register UFS RPMB device %d\n", region);

			put_device(&ufs_rpmb->dev);

			goto err_out;

		}

		/* Create unique ID by appending region number to device_id */

		cid = kasprintf(GFP_KERNEL, "%s-R%d", hba->dev_info.device_id, region);

		if (!cid) {

			device_unregister(&ufs_rpmb->dev);

			ret = -ENOMEM;

			goto err_out;

		}

		descr.dev_id = cid;

		descr.dev_id_len = strlen(cid);

		descr.capacity = cap;

		/* Register RPMB device */

		rdev = rpmb_dev_register(&ufs_rpmb->dev, &descr);

		if (IS_ERR(rdev)) {

			dev_err(hba->dev, "Failed to register UFS RPMB device.\n");

			device_unregister(&ufs_rpmb->dev);

			ret = PTR_ERR(rdev);

			goto err_out;

		}

		kfree(cid);

		cid = NULL;

		ufs_rpmb->rdev = rdev;

		ufs_rpmb->region_id = region;

		list_add_tail(&ufs_rpmb->node, &hba->rpmbs);

		dev_info(hba->dev, "UFS RPMB region %d registered (capacity=%u)\n", region, cap);

	}

	return 0;

err_out:

	kfree(cid);

	list_for_each_entry_safe(it, tmp, &hba->rpmbs, node) {

		list_del(&it->node);

		device_unregister(&it->dev);

	}

	return ret;

}

/* UFS RPMB remove handler */

void ufs_rpmb_remove(struct ufs_hba *hba)

{

	struct ufs_rpmb_dev *ufs_rpmb, *tmp;

	if (list_empty(&hba->rpmbs))

		return;

	/* Remove all registered RPMB devices */

	list_for_each_entry_safe(ufs_rpmb, tmp, &hba->rpmbs, node) {

		dev_info(hba->dev, "Removing UFS RPMB region %d\n", ufs_rpmb->region_id);

		/* Remove from list first */

		list_del(&ufs_rpmb->node);

		/* Unregister device */

		device_unregister(&ufs_rpmb->dev);

	}

	dev_info(hba->dev, "All UFS RPMB devices unregistered\n");

}

MODULE_LICENSE("GPL v2");

MODULE_DESCRIPTION("OP-TEE UFS RPMB driver");

	return val / sizeof(struct utp_transfer_req_desc);

}

#if IS_ENABLED(CONFIG_RPMB)

int ufs_rpmb_probe(struct ufs_hba *hba);

void ufs_rpmb_remove(struct ufs_hba *hba);

#else

static inline int ufs_rpmb_probe(struct ufs_hba *hba)

{

	return 0;

}

static inline void ufs_rpmb_remove(struct ufs_hba *hba)

{

}

#endif

#endif /* _UFSHCD_PRIV_H_ */

	    desc_buf[UNIT_DESC_PARAM_LU_WR_PROTECT] == UFS_LU_POWER_ON_WP)

		hba->dev_info.is_lu_power_on_wp = true;

	/* In case of RPMB LU, check if advanced RPMB mode is enabled */

	if (desc_buf[UNIT_DESC_PARAM_UNIT_INDEX] == UFS_UPIU_RPMB_WLUN &&

	    desc_buf[RPMB_UNIT_DESC_PARAM_REGION_EN] & BIT(4))

	/* In case of RPMB LU, check if advanced RPMB mode is enabled, and get region size */

	if (desc_buf[UNIT_DESC_PARAM_UNIT_INDEX] == UFS_UPIU_RPMB_WLUN) {

		if (desc_buf[RPMB_UNIT_DESC_PARAM_REGION_EN] & BIT(4))

			hba->dev_info.b_advanced_rpmb_en = true;

		hba->dev_info.rpmb_region_size[0] = desc_buf[RPMB_UNIT_DESC_PARAM_REGION0_SIZE];

		hba->dev_info.rpmb_region_size[1] = desc_buf[RPMB_UNIT_DESC_PARAM_REGION1_SIZE];

		hba->dev_info.rpmb_region_size[2] = desc_buf[RPMB_UNIT_DESC_PARAM_REGION2_SIZE];

		hba->dev_info.rpmb_region_size[3] = desc_buf[RPMB_UNIT_DESC_PARAM_REGION3_SIZE];

	}

	kfree(desc_buf);

		ufshcd_upiu_wlun_to_scsi_wlun(UFS_UPIU_RPMB_WLUN), NULL);

	if (IS_ERR(sdev_rpmb)) {

		ret = PTR_ERR(sdev_rpmb);

		hba->ufs_rpmb_wlun = NULL;

		dev_err(hba->dev, "%s: RPMB WLUN not found\n", __func__);

		goto remove_ufs_device_wlun;

	}

	hba->ufs_rpmb_wlun = sdev_rpmb;

	ufshcd_blk_pm_runtime_init(sdev_rpmb);

	scsi_device_put(sdev_rpmb);

	dev_info->rtc_update_period = 0;

}

/**

 * ufshcd_create_device_id - Generate unique device identifier string

 * @hba: per-adapter instance

 * @desc_buf: device descriptor buffer

 *

 * Creates a unique device ID string combining manufacturer ID, spec version,

 * model name, serial number (as hex), device version, and manufacture date.

 *

 * Returns: Allocated device ID string on success, NULL on failure

 */

static char *ufshcd_create_device_id(struct ufs_hba *hba, u8 *desc_buf)

{

	struct ufs_dev_info *dev_info = &hba->dev_info;

	u16 manufacture_date;

	u16 device_version;

	u8 *serial_number;

	char *serial_hex;

	char *device_id;

	u8 serial_index;

	int serial_len;

	int ret;

	serial_index = desc_buf[DEVICE_DESC_PARAM_SN];

	ret = ufshcd_read_string_desc(hba, serial_index, &serial_number, SD_RAW);

	if (ret < 0) {

		dev_err(hba->dev, "Failed reading Serial Number. err = %d\n", ret);

		return NULL;

	}

	device_version = get_unaligned_be16(&desc_buf[DEVICE_DESC_PARAM_DEV_VER]);

	manufacture_date = get_unaligned_be16(&desc_buf[DEVICE_DESC_PARAM_MANF_DATE]);

	serial_len = ret;

	/* Allocate buffer for hex string: 2 chars per byte + null terminator */

	serial_hex = kzalloc(serial_len * 2 + 1, GFP_KERNEL);

	if (!serial_hex) {

		kfree(serial_number);

		return NULL;

	}

	bin2hex(serial_hex, serial_number, serial_len);

	/*

	 * Device ID format is ABI with secure world - do not change without firmware

	 * coordination.

	 */

	device_id = kasprintf(GFP_KERNEL, "%04X-%04X-%s-%s-%04X-%04X",

			      dev_info->wmanufacturerid, dev_info->wspecversion,

			      dev_info->model, serial_hex, device_version,

			      manufacture_date);

	kfree(serial_hex);

	kfree(serial_number);

	if (!device_id)

		dev_warn(hba->dev, "Failed to allocate unique device ID\n");

	return device_id;

}

static int ufs_get_device_desc(struct ufs_hba *hba)

{

	int err;

		goto out;

	}

	/* Generate unique device ID */

	dev_info->device_id = ufshcd_create_device_id(hba, desc_buf);

	hba->luns_avail = desc_buf[DEVICE_DESC_PARAM_NUM_LU] +

		desc_buf[DEVICE_DESC_PARAM_NUM_WLU];

	kfree(dev_info->model);

	dev_info->model = NULL;

	kfree(dev_info->device_id);

	dev_info->device_id = NULL;

}

/**

	else if (desc_buf[GEOMETRY_DESC_PARAM_MAX_NUM_LUN] == 0)

		hba->dev_info.max_lu_supported = 8;

	hba->dev_info.rpmb_io_size = desc_buf[GEOMETRY_DESC_PARAM_RPMB_RW_SIZE];

out:

	kfree(desc_buf);

	return err;

	ufs_bsg_probe(hba);

	scsi_scan_host(hba->host);

	ufs_rpmb_probe(hba);

out:

	return ret;

		ufshcd_rpm_get_sync(hba);

	ufs_hwmon_remove(hba);

	ufs_bsg_remove(hba);

	ufs_rpmb_remove(hba);

	ufs_sysfs_remove_nodes(hba->dev);

	cancel_delayed_work_sync(&hba->ufs_rtc_update_work);

	blk_mq_destroy_queue(hba->tmf_queue);